Re: GSS-API channel bindings
Nicolas Williams <Nicolas.Williams@sun.com> Thu, 15 July 2004 18:31 UTC
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i6FIVYFN089623; Thu, 15 Jul 2004 11:31:34 -0700 (PDT) (envelope-from owner-ietf-sasl@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i6FIVYRr089622; Thu, 15 Jul 2004 11:31:34 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-sasl@mail.imc.org using -f
Received: from nwkea-mail-1.sun.com (nwkea-mail-1.sun.com [192.18.42.13]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i6FIVVfF089598 for <ietf-sasl@imc.org>; Thu, 15 Jul 2004 11:31:31 -0700 (PDT) (envelope-from nw141292@binky.central.sun.com)
Received: from centralmail1brm.Central.Sun.COM ([129.147.62.1]) by nwkea-mail-1.sun.com (8.12.10/8.12.9) with ESMTP id i6FIVHJ6002650; Thu, 15 Jul 2004 11:31:17 -0700 (PDT)
Received: from binky.central.sun.com (binky.Central.Sun.COM [129.153.128.104]) by centralmail1brm.Central.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL,v2.2) with ESMTP id i6FIV18X024824; Thu, 15 Jul 2004 12:31:01 -0600 (MDT)
Received: from binky.central.sun.com (localhost [127.0.0.1]) by binky.central.sun.com (8.12.11+Sun/8.12.11) with ESMTP id i6FIS7ZJ646312; Thu, 15 Jul 2004 13:28:22 -0500 (CDT)
Received: (from nw141292@localhost) by binky.central.sun.com (8.12.11+Sun/8.12.11/Submit) id i6FIS7qs646311; Thu, 15 Jul 2004 13:28:07 -0500 (CDT)
Date: Thu, 15 Jul 2004 13:28:07 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Simon Josefsson <jas@extundo.com>
Cc: ietf-sasl@imc.org
Subject: Re: GSS-API channel bindings
Message-ID: <20040715182807.GZ632478@binky.central.sun.com>
Mail-Followup-To: Simon Josefsson <jas@extundo.com>, ietf-sasl@imc.org
References: <40DC9563.4070006@isode.com> <40E1381F.4020409@isode.com> <ilufz86j3iq.fsf_-_@latte.josefsson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <ilufz86j3iq.fsf_-_@latte.josefsson.org>
User-Agent: Mutt/1.4.1i
Sender: owner-ietf-sasl@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-ID: <ietf-sasl.imc.org>
List-Unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
On Mon, Jul 05, 2004 at 09:51:09AM +0200, Simon Josefsson wrote:
>
> There is a requirement that the GSS-API channel bindings are NULL.
> I'd feel more comfortable if there was a way to somehow make use of
> channel bindings, to link the authentication to the specific channel.
> Does anyone have ideas on whether to add this, and if the answer is
> positive, how it might be done?
1. Existing GSS-API mechanisms fail to correctly deal with channel
bindings. E.g., SPKM is way underspaecified in general, and here
specifically; also, the Kerberos V mechanism does not have a way for
the acceptor to prove to the initiator that it too has the same
channel bindings as the initiator.
2. We're trying to address this through a stackable pseudo-mechanism
(CCM-BIND) one of whose purposes is to address this problem. See:
draft-ietf-nfsv4-ccm-03.txt
3. The whole subject of channel bindings needs further specification.
I'm about to submit a new version of
draft-ietf-nfsv4-channel-bindings (-01.txt)
that does this and which describes what goes into the channel
bindings for SSHv2, TLS and IPsec channels, and then I'll submit
draft-williams-gssapi-channel-bindings-00.txt
for the KITTEN BoF (and, hopefully, WG), which fills in the details
of how to use channel bindings to SSHv2, TLS and IPsec channels with
the GSS-API. The deadline for filing new I-Ds has passed though, so
this won't get posted to the I-D repository until after this
meeting.
4. Given CCM-BIND and the two other drafts it should be possible to use
SASL with GSS-API channel bindings; SASL APIs will have to be
modified so the application can provide the necessary channel
information.
5. I have proposed a set of interfaces for determining the features of
GSS mechs, as part of a framework for stackable pseudo-mechanisms,
which should help GSS apps avoid having to hardcode mechanism OIDs
and information about them (e.g., "channel bindings work well with
this mechanism, but not with that one").
See:
draft-williams-gssapi-stackable-pseudo-mechs-00.txt
As you can see, there's a lot of activity around this topic.
> I understand that the simplest "solution", from the SASL mechanism
> point of view, might simply be to consider GSS-API mechanisms, that
> doesn't link gss_wrap/gss_get_mic tokens with one specific
> authentication, as broken. However, channel bindings are provided by
> GSS-API to enable applications to close this hole, hence these GSS-API
> mechanisms can probably not be viewed as broken in general. So it is
> unfortunate that the SASL wrapping of GSS-API forbid channel bindings.
> I'd say this warrant a paragraph in the security section, unless the
> text about channel bindings is loosened up.
The SASL handling of GSS-API mechanisms does need some tweaking, both,
in light of the above and to provide for re-keying (GSS-API contexts can
expire, after all) by reestablishing GSS security contexts for the
principals involved.
Cheers,
Nico
--
- New revision of draft-ietf-sasl-gssapi Alexey Melnikov
- GSS-API channel bindings Simon Josefsson
- Re: GSS-API channel bindings Nicolas Williams
- Re: GSS-API channel bindings Simon Josefsson
- Re: GSS-API channel bindings Nicolas Williams
- Re: GSS-API channel bindings Alexey Melnikov
- Re: GSS-API channel bindings Nicolas Williams